CVE-2026-35603

Source
https://cve.org/CVERecord?id=CVE-2026-35603
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35603.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-35603
Aliases
Downstream
Published
2026-04-17T20:38:49.901Z
Modified
2026-07-08T08:12:39.986879241Z
Severity
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
Details

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed. This issue has been fixed on version 2.1.75.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-426"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35603.json"
}
References

Affected packages

Git / github.com/anthropics/claude-code

Affected ranges

Type
GIT
Repo
https://github.com/anthropics/claude-code
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.1.75"
        }
    ],
    "cpe": "cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

v2.*
v2.0.73
v2.0.74
v2.0.76
v2.1.0
v2.1.1
v2.1.11
v2.1.12
v2.1.14
v2.1.15
v2.1.16
v2.1.17
v2.1.19
v2.1.2
v2.1.20
v2.1.21
v2.1.22
v2.1.23
v2.1.25
v2.1.27
v2.1.29
v2.1.3
v2.1.30
v2.1.31
v2.1.32
v2.1.33
v2.1.34
v2.1.36
v2.1.37
v2.1.38
v2.1.39
v2.1.4
v2.1.41
v2.1.42
v2.1.44
v2.1.45
v2.1.47
v2.1.49
v2.1.5
v2.1.50
v2.1.51
v2.1.52
v2.1.53
v2.1.55
v2.1.56
v2.1.58
v2.1.59
v2.1.6
v2.1.61
v2.1.62
v2.1.63
v2.1.66
v2.1.68
v2.1.69
v2.1.7
v2.1.70
v2.1.71
v2.1.72
v2.1.73
v2.1.74
v2.1.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35603.json"